Read More

The records, which included 'identifiable sensitive data' about 19 of the patients, were uploaded to a server run by Intersystems, which provides the hospital's Trakcare electronic patient records system.

The incident has now been reported to the Information Commissioner's Office - an independent authority which promotes data privacy for individuals and has the power to enforce fines.

Gloucestershire Royal Hospital

Health chiefs say the patients data had been on the internal server for four days before they were removed.

The hospitals trust also said the data was "secure at all times," was not in the public domain, and could not have been accessed by an unauthorised user.

A trust board paper said in November that the error was caused by "a technical operation where an internal configuration setting caused an incorrect set of information to be transferred."

Changes have now been made to the system to ensure such a mistake cannot happen again, the trust has said.

Read More

A spokesman for the hospitals trust said: "We take our responsibility to secure all patient identifiable data extremely seriously. In October this year, we became aware that a small amount of patient data in TrakCare, our electronic patient record, was being hosted in an unexpected location on an external server hosted by our information systems’ supplier.

"The data was immediately removed but had been stored on this location for 4 days; 19 sets of data contained patient identifiable information.

"As a result of this breach, the Trust reported this incident to the Information Commissioner’s Office (ICO). We are currently awaiting ICO advice on the reported incident. It is important to stress that this data was secure at all times and could not have been accessed by an unauthorised user.”